Welcome, Guest. Please login or register.
Did you miss your activation email?
Saturday 21 December 2024, 10:19:34 pm

Login with username, password and session length

The Latest Endian Firewall is now available for download HERE
14262 Posts in 4377 Topics by 6517 Members
Latest Member: Sandro
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  General Support
| | |-+  DNS Forward blocked
0 Members and 1 Guest are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: DNS Forward blocked  (Read 20819 times)
gavins38
Full Member
***
Offline Offline

Posts: 10


« on: Tuesday 02 February 2016, 01:42:20 am »

While investigating a separate issue on our internet connection, I discovered that DNS Forward was not working on our DNS servers. It works perfectly fine if I set the servers up to bypass the firewall so I figured it must have been a configuration issue on the firewall. We're running Endian Community Firewall 3.0. I've tried adding in an 'incoming routed traffic' rule for port 53 but this doesn't seem to solve the problem. Does anyone know where I need to add in the port exception so that my local DNS servers can query the internet for external DNS?
Logged
Gabriel GHEORGHIU
Full Member
***
Offline Offline

Gender: Male
Posts: 57


« Reply #1 on: Tuesday 02 February 2016, 04:48:14 am »

Have you a rule in "Outgoing traffic", like this: Source: GREEN (ORANGE, BLUE); Destination: RED; Service: DNS; Protocol: TCP+UDP; Port: 53; Policy: ALLOW with IPS?
Logged
gavins38
Full Member
***
Offline Offline

Posts: 10


« Reply #2 on: Wednesday 03 February 2016, 12:42:02 am »

The outgoing firewall is currently not enabled. I assume this means that all traffic is allowed?

When I ran a traceroute on one of the IPs being used for as a DNS forward, the ping reached the end server but did not make the return journey back to me. This is why I thought it was a firewall issue.
Logged
Gabriel GHEORGHIU
Full Member
***
Offline Offline

Gender: Male
Posts: 57


« Reply #3 on: Wednesday 03 February 2016, 03:30:00 am »

Usually, all traffic (inbound and outbound) is blocked (disabled) by default.
You must enable "Outgoing traffic" to reach the internet. Then, you must define rules according to your needs.
There are some rules that are enabled by default by the system. One of these rules is from Firewall -> Outgoing traffic -> Show system rules: Allow Ping/Traceroute (ICMP/8, ICMP/30).
Logged
gavins38
Full Member
***
Offline Offline

Posts: 10


« Reply #4 on: Wednesday 03 February 2016, 09:04:46 pm »

Thanks for your help. I enabled the outgoing firewall and my download speed was instantly reduced by 50%. I can't leave it like that without impacting the rest of the company so I've disabled it again. However my original problem now seems to have resolved itself so I'm wondering if BT's DNS servers weren't working yesterday when I checked. I'll keep an eye on it for now and investigate the outgoing firewall options again if the problem comes back.

Thanks again for your help!
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.078 seconds with 19 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com